Date: Thu, 20 Feb 2020 15:19:14 +0100
Message-Id: <20200220141916.55455-1-glider@google.com>
Subject: [PATCH 1/3] stackdepot: check depot_index before accessing the stack 
slab From: glider@google.com To: dvyukov@google.com, andreyknvl@google.com, aryabinin@virtuozzo.com, akpm@linux-foundation.org Cc: sergey.senozhatsky@gmail.com, arnd@arndb.de, linux-mm@kvack.org, vegard.nossum@oracle.com, elver@google.com, Alexander Potapenko Content-Type: text/plain; charset="UTF-8" X-Bogosity: Ham, tests=bogofilter, spamicity=0.000000, version=1.2.4 Sender: owner-linux-mm@kvack.org Precedence: bulk X-Loop: owner-majordomo@kvack.org List-ID: Avoid crashes on corrupted stack ids. Despite stack ID corruption may indicate other bugs in the program, we'd better fail gracefully on such IDs instead of crashing the kernel. This patch has been previously mailed as part of KMSAN RFC patch series. Signed-off-by: Alexander Potapenko To: Alexander Potapenko Cc: Vegard Nossum Cc: Dmitry Vyukov Cc: Marco Elver Cc: Andrey Konovalov Cc: linux-mm@kvack.org --- lib/stackdepot.c | 17 +++++++++++++++-- 1 file changed, 15 insertions(+), 2 deletions(-) diff --git a/lib/stackdepot.c b/lib/stackdepot.c index 81c69c08d1d15..a2f6cb900db80 100644 --- a/lib/stackdepot.c +++ b/lib/stackdepot.c @@ -202,9 +202,22 @@ unsigned int stack_depot_fetch(depot_stack_handle_t handle, unsigned long **entries) { union handle_parts parts = { .handle = handle }; - void *slab = stack_slabs[parts.slabindex]; + void *slab; size_t offset = parts.offset << STACK_ALLOC_ALIGN; - struct stack_record *stack = slab + offset; + struct stack_record *stack; + + if (parts.slabindex > depot_index) { + WARN(1, "slab index %d out of bounds (%d) for stack id %08x\n", + parts.slabindex, depot_index, handle); + *entries = NULL; + return 0; + } + slab = stack_slabs[parts.slabindex]; + stack = slab + offset; + if (!stack) { + *entries = NULL; + return 0; + } *entries = stack->entries; return stack->size; -- 2.25.0.265.gbab2e86ba0-goog
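Review bot: the `if (!stack)` test at the end of the hunk runs after `stack = slab + offset;`, so it only fires when `slab` is NULL and `offset` is zero; a NULL `slab` with a nonzero `offset` gives a non-NULL `stack`, and `stack->entries` is still dereferenced. Check `slab` itself immediately after `slab = stack_slabs[parts.slabindex];` and compute `stack` only once it is known to be non-NULL. Two smaller points: the bounds test `parts.slabindex > depot_index` accepts `slabindex == depot_index`, so a short comment saying that this slot is a legitimate index (with the NULL check covering the case where it is not yet populated) would help the next reader; and `offset`, which comes from the same possibly corrupted handle, is used without any range check, so either validate it or note in the commit message that only the slab index is being hardened here.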